2 .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved
3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
4 .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
5 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6 .TH SHAREMGR 1M "Feb 25, 2017"
8 sharemgr \- configure and manage file sharing
12 \fBsharemgr\fR \fIsubcommand\fR [\fIoptions\fR]
17 \fBadd-share\fR [\fB-nth\fR] [\fB-r\fR \fIresource-name\fR] [\fB-d\fR "\fIdescription text\fR"]
18 \fB-s\fR \fIsharepath\fR \fIgroup\fR
23 \fBcreate\fR [\fB-nvh\fR] [\fB-P\fR \fIproto\fR [\fB-p\fR \fIproperty\fR=\fIvalue\fR]] \fIgroup\fR
28 \fBdelete\fR [\fB-nvh\fR] [\fB-P\fR \fIproto\fR] [\fB-f\fR] \fIgroup\fR
33 \fBdisable\fR [\fB-nvh\fR] [\fB-a\fR | \fIgroup\fR...]
38 \fBenable\fR [\fB-nvh\fR] [\fB-a\fR | \fIgroup\fR...]
43 \fBlist\fR [\fB-vh\fR] [\fB-P\fR \fIproto\fR]
48 \fBmove-share\fR [\fB-nv\fR] \fB-s\fR \fIsharepath\fR \fIdestination-group\fR
53 \fBremove-share\fR [\fB-fnvh\fR] \fB-s\fR \fIsharepath\fR \fIgroup\fR
58 \fBset\fR [\fB-nvh\fR] \fB-P\fR \fIproto\fR [\fB-p\fR \fIproperty\fR=\fIvalue\fR]... [\fB-S\fR \fIoptionset\fR]
59 [\fB-s\fR \fIsharepath\fR] \fIgroup\fR
64 \fBset-share\fR [\fB-nh\fR] [\fB-r\fR \fIresource\fR] [\fB-d\fR "\fIdescription text\fR"]
65 \fB-s\fR \fIsharepath\fR \fIgroup\fR
70 \fBshow\fR [\fB-pvxh\fR] [\fB-P\fR \fIproto\fR] [\fIgroup\fR]...
75 \fBunset\fR [\fB-nvh\fR] \fB-P\fR \fIproto\fR [\fB-S\fR \fIoptionset\fR] [\fB-p\fR \fIproperty\fR]...
81 \fBshare\fR [\fB-F\fR \fIfstype\fR] [\fB-p\fR] [\fB-o\fR \fIoptionlist\fR] [\fB-d\fR \fIdescription\fR]
82 [\fIpathname\fR [\fIresourcename\fR]]
87 \fBunshare\fR [\fB-F\fR \fIfstype\fR] [\fB-p\fR] [\fB-o\fR \fIoptionlist\fR] \fIsharepath\fR
92 The \fBsharemgr\fR command configures share groups and the shares contained
96 A group name must conform to service management facility (SMF) (see
97 \fBsmf\fR(5)) service-naming conventions, thus is limited to starting with an
98 alphabetic character, with the rest of the name consisting only of alphanumeric
99 characters plus \fB-\fR (hyphen) and \fB_\fR (underbar).
102 Subcommands that result in a configuration change support a dry-run option.
103 When dry-run (\fB-n\fR) is specified, the syntax and validity of the command is
104 tested but the configuration is not actually updated.
107 For all subcommands, the \fB-h\fR option lists usage and help information.
110 For subcommands with the verbose (\fB-v\fR) option, additional information will
111 be provided. For example, in conjunction with the \fB-n\fR option, verbose mode
112 will also indicate whether the current user has sufficient permissions to
113 accomplish the operation.
116 There are two groups that are created automatically. The \fBdefault\fR group
117 always exists and covers legacy NFS shares only. The \fBzfs\fR group will be
118 created when ZFS shares are enabled.
121 The options shown in the SYNOPSIS section are described in the context of each
122 subcommand. All subcommands except \fBlist\fR and \fBshow\fR require root
123 privileges or that you assume the Primary Administrator role.
126 With no subcommand entered, a \fBsharemgr\fR command with the \fB-h\fR option
127 displays a usage message for all subcommands.
130 The following subcommands follow \fBsharemgr\fR on a command line. Commands
135 % \fBsharemgr \fI<subcommand>\fR [\fIoptions\fR]\fR
143 \fB\fBcreate\fR \fB[-nvh] [-P \fIproto\fR [-p \fIproperty\fR=\fIvalue\fR]]
148 Create a new group with specified name.
150 If \fB-n\fR is specified, the command checks only the validity of the command
151 and that the group does not already exist.
153 If no protocol is specified, all known protocols are enabled for the specified
154 group. If a protocol is specified, only that protocol is enabled. You can
155 specify properties for a specified protocol.
157 If \fIgroup\fR exists, use of \fB-P\fR adds the specified protocol to that
160 As an example of the \fBcreate\fR subcommand, the following command creates a
161 new group with the name \fBmygroup\fR.
165 # \fBsharemgr create mygroup\fR
170 Because no protocol was specified in the preceding command, all defined
171 protocols will be enabled on the group.
177 \fB\fBdelete\fR \fB[-nvh] [-P \fIproto\fR] [-f] \fIgroup\fR\fR\fR
181 Delete the specified group. If the group is not empty, you can use the \fB-f\fR
182 option to force the deletion, which unshares and removes all shares from the
183 group before removing the group itself.
185 If you specify a protocol, rather than deleting the whole group, this
186 subcommand deletes the protocol from the group.
188 The \fB-n\fR option can be used to test the syntax of the command.
190 As an example, the following command removes the group \fBmygroup\fR from the
191 configuration if it is empty.
195 # \fBsharemgr delete mygroup\fR
200 The following command removes any existing shares prior to removing the group.
204 # \fBsharemgr delete -f mygroup\fR
209 Note the use of the force (\fB-f\fR) option, above.
215 \fB\fBlist\fR \fB[-vh] [-P \fIproto\fR]\fR\fR
219 List the defined groups.
221 If a protocol is specified, list only those groups that have the specified
224 If the verbose option is specified, the current state of the group and all
225 protocols enabled on the group are listed as well. For example:
229 # \fBsharemgr list -v\fR
231 rdonlygrp disabled nfs
241 \fB\fBshow\fR \fB[-pvxh] [-P \fIproto\fR] [\fIgroup\fR...]\fR\fR
245 Shows the contents of the specified group(s).
247 If the verbose option is specified, the resource name and description of each
248 share is displayed if they are defined. Otherwise, only the share paths are
249 displayed. Also, when temporary shares are listed, they are prefixed with an
252 If the \fB-p\fR option is specified, all options defined for the protocols of
253 the group are displayed, in addition to the display without options. If the
254 \fB-P\fR option is used, the output is limited to those groups that have the
255 specified protocol enabled. If the \fB-x\fR option is specified, output is in
256 XML format and the \fB-p\fR and \fB-v\fR options are ignored, because all
257 information is included in the XML.
259 The following example illustrates the use of the \fB-p\fR option.
263 # \fBsharemgr show -p mygroup\fR
266 mygroup nfs=(nosuid=true)
273 The following example illustrates the use of the \fB-v\fR option.
277 # \fBsharemgr show -v mygroup\fR
279 HOME0=/export/home/home0 "Home directory set 0"
280 HOME1=/export/home/home1 "Home directory set 1"
285 ZFS managed shares are handled in a way similar to the way NFS shares are
286 handled. These shares appear as subgroups within the parent group \fBzfs\fR.
287 The subgroups are always prefixed with \fBzfs/\fR and use the ZFS dataset name
288 for the rest of the name. The mount point and any sub-mounts that inherit
289 sharing are shown as the shares of the subgroup. For example:
293 # \fBsharemgr show -vp zfs\fR
307 \fB\fBset\fR \fB[-nvh] -P \fIproto\fR [-S \fIoptionset\fR] [-p
308 \fIproperty\fR=\fIvalue\fR]* [-s \fIshare path\fR] \fIgroup\fR\fR\fR
312 Set protocol-specific properties on the specified group.
314 The \fB-P\fR option is required and must specify a valid protocol.
316 Optionsets are protocol-specific sets of properties that can be negotiated by
317 the protocol client. For NFS, optionsets are equivalent to security modes as
318 defined in \fBnfssec\fR(5). If \fB-S\fR \fIoptionset\fR is specified, the
319 properties are applied to the selected optionset. Otherwise they are applied to
320 the general optionset.
322 Together, \fB-P\fR and \fB-S\fR select a specific view of the group's options
325 Property values are strings. A specified property is set to a new value if the
326 property already exists or is added to the protocol if it does not already
329 In the general case, at least one property must be set. If \fB-S\fR is
330 specified, properties can be omitted and the specified optionset is enabled for
333 The \fB-s\fR option allows setting properties on a per-share basis. While this
334 is supported, it should be limited to managing legacy shares and to the
335 occasional need for an override of a group-level property or placing an
336 additional property on one share within a group.
338 An example of this subcommand:
342 # \fBsharemgr set -P nfs -p anon=1234 mygroup\fR
347 The preceding command adds the property \fBanon=1234\fR to the \fBnfs\fR view
348 of group \fBmygroup\fR. If \fBmygroup\fR has existing shares, they will all be
349 reshared with the new property value(s).
355 \fB\fBunset\fR \fB[-nvh] -P proto [-S \fIoptionset\fR] [-p \fIproperty\fR]* [-s
356 \fIsharepath\fR ] \fIgroup\fR\fR\fR
360 Unset the specified properties for the protocol or for the specified
361 \fIoptionset\fR of the protocol.
363 In the general case, at least one property must be set. If \fB-S\fR is
364 specified, properties can be omitted and the specified optionset is removed
367 The \fB-s\fR option allows removing a share-specific property.
369 An example of this subcommand:
373 # \fBsharemgr unset -P nfs -p anon mygroup\fR
378 The preceding command removes the \fBanon=\fR property from the \fBnfs\fR view
379 of group \fBmygroup\fR. If \fBmygroup\fR has existing shares, they will all be
380 reshared with the new property value(s).
386 \fB\fBadd-share\fR \fB[-nth] [-r \fIresource-name\fR] [-d "\fIdescription
387 text\fR"] -s \fIsharepath\fR \fIgroup\fR\fR\fR
391 Add a new share to the specified group.
393 The \fB-s\fR option is mandatory and takes a full directory path.
395 If either or both of \fB-d\fR and \fB-r\fR are specified, they specify values
396 associated with the share. \fB-d\fR provides a description string to document
397 the share and \fB-r\fR provides a protocol-independent resource name. Resource
398 names are not used by NFS at this time but can be specified. These names
399 currently follow the same naming rules as group names.
401 The temporary option (\fB-t\fR) results in the share being shared but not
402 stored in the configuration repository. This option is intended for shares that
403 should not survive a reboot or server restart, or for testing purposes.
404 Temporary shares are indicated in the \fBshow\fR subcommand output with an
405 asterisk (\fB*\fR) preceding the share.
407 If \fIsharepath\fR is a ZFS path and that path is added to the \fBzfs\fR group,
408 \fBsharemgr\fR creates a new ZFS subgroup; the new share is added to that
409 subgroup. Any ZFS sub-filesystems under the ZFS filesystem designated by
410 \fIsharepath\fR will inherit the shared status of \fIsharepath\fR.
412 The effect of the \fBadd-share\fR subcommand on a ZFS dataset is determined by
413 the values of the \fBsharesmb\fR and \fBsharenfs\fR properties of that dataset.
415 See \fBzfs\fR(1M) for a description of the \fBsharesmb\fR and \fBsharenfs\fR
418 The following are examples of the \fBadd-share\fR subcommand.
422 # \fBsharemgr add-share -s /export/home/home0 -d "home \e
423 directory set 0" -r HOME0 mygroup\fR
425 # \fBsharemgr add-share -s /export/home/home1 -d "home \e
426 directory set 1" -r HOME1 mygroup\fR
431 The preceding commands add \fB/export/home/home0\fR and
432 \fB/export/home/home1\fR to the group \fBmygroup\fR. A descriptive comment and
433 a resource name are included.
439 \fB\fBmove-share\fR \fB[-nvh] -s \fIsharepath\fR \fIdestination-group\fR\fR\fR
443 Move the specified share from the group it is currently in to the specified
444 destination group. The \fBmove-share\fR subcommand does not create a group. A
445 specified group must exist for the command to succeed.
447 The following is an example of this subcommand.
451 # \fBsharemgr move-share -s /export/home/home1 newgroup\fR
456 Assuming \fB/export/home/home1\fR is in the group \fBmygroup\fR, the preceding
457 command moves \fB/export/home/home1\fR to the group \fBnewgroup\fR and unshares
458 and then reshares the directory with the properties associated with
465 \fB\fBremove-share\fR \fB[-fnvh] -s \fIsharepath\fR \fIgroup\fR\fR\fR
469 Remove the specified share from the specified group. The force (\fB-f\fR)
470 option forces the share to be removed even if it is busy.
472 You must specify the full path for \fIsharepath\fR. For group, use the subgroup
473 as displayed in the output of the \fBsharemgr show\fR command. Note that if
474 there are subshares that were created by inheritance, these will be removed,
475 along with the parent shares.
481 \fB\fBset-share\fR \fB[-nvh] [-r \fIresource\fR] [-d "\fIdescription text\fR"]
482 -s \fIsharepath\fR \fIgroup\fR\fR\fR
486 Set or change the specified share's description and resource values. One use of
487 \fBset-share\fR is to rename a resource. The syntax for this use of the
492 # \fBsharemgr set-share -r \fIcurrent_name\fR=\fInew_name\fR -s \fIsharepath\fR \fIgroup\fR\fR
502 \fB\fBenable\fR \fB[-nvh] [\fIgroup\fR... | -a]\fR\fR
506 Enable the specified group(s), or (with \fB-a\fR) all groups, and start sharing
507 the contained shares. This state persists across reboots.
509 An enabled group will be shared whenever the corresponding SMF service instance
510 is enabled. \fBsharemgr\fR will start the SMF service instance if it is not
517 \fB\fBdisable\fR \fB[-nvh] [\fIgroup\fR... | -a]\fR\fR
521 Disable the specified group(s), or (with \fB-a\fR) all groups, and unshare the
522 shares that they contain. This state persists across reboots.
524 A disabled group will not be shared even if the corresponding SMF service
525 instance is online. This feature is useful when you do not want a group of
526 shares to be started at boot time.
532 \fB\fBstart\fR \fB[-vh] [-P \fIproto\fR] [\fIgroup\fR... | -a]\fR\fR
536 Start the specified group, or (with \fB-a\fR) all groups. The \fBstart\fR
537 subcommand is similar to \fBenable\fR in that all shares are started, but
538 \fBstart\fR works only on groups that are enabled. \fBstart\fR is used by the
539 SMF to start sharing at system boot.
541 A group will not start sharing if it is in the \fBsharemgr\fR \fBdisabled\fR
542 state. However, the corresponding SMF service instance will be started.
544 Note that the \fBstart\fR subcommand is similar to the \fBshareall\fR(1M)
545 command in that it starts up only the configured shares. That is, the enabled
546 shares will start being shared, but the configuration state is left the same.
551 # \fBsharemgr start -a\fR
556 \&...is equivalent to:
570 \fB\fBstop\fR \fB[-vh] [-P \fIproto\fR] [\fIgroup\fR... | -a]\fR\fR
574 Stop the specified group, or (with \fB-a\fR) all groups. The \fBstop\fR
575 subcommand is similar to \fBdisable\fR in that all shares are no longer shared,
576 but it works only on groups that are enabled. \fBstop\fR is used by the SMF to
577 stop sharing at system shutdown.
579 Note that the \fBstop\fR subcommand is similar to the \fBunshareall\fR(1M)
580 command in that all active shares are unshared, but the configuration is left
581 the same. That is, the shares are stopped but the service instances are left
582 enabled. The command:
586 # \fBsharemgr stop -a\fR
591 \&...is equivalent to:
605 \fB\fBshare\fR \fB[-F \fIfstype\fR] [-p] [-o \fIoptionlist\fR] [-d
606 \fIdescription\fR] [\fIpathname\fR [\fIresourcename\fR]]\fR\fR
610 Shares the specified path in the \fBdefault\fR share group. This subcommand
611 implements the \fBshare\fR(1M) functionality. Shares that are shared in this
612 manner will be transient shares. Use of the \fB-p\fR option causes the shares
619 \fB\fBunshare\fR \fB[-F \fIfstype\fR] [-p] [-o \fIoptionlist\fR]
620 \fIsharepath\fR\fR\fR
624 Unshares the specified share. This subcommand implements the \fBunshare\fR(1M)
625 functionality. By default, the \fBunshare\fR is temporary. The \fB-p\fR option
626 is provided to remove the share from the configuration in a way that persists
630 .SS "Supported Properties"
632 Properties are protocol-specific. Currently, only the NFS and SMB protocols are
633 supported. Properties have the following characteristics:
638 Values of type \fIboolean\fR take either \fBtrue\fR or \fBfalse\fR.
644 Values of type \fIvalue\fR take a numeric value.
650 Values of type \fIfile\fR take a file name and not a file path.
656 Values of type \fIaccess-list\fR are described in detail following the
657 descriptions of the NFS properties.
661 The general properties supported for NFS are:
665 \fB\fBabe=\fR\fIboolean\fR\fR
669 Set the access-based enumeration (ABE) policy for a share. When set to
670 \fBtrue\fR, ABE filtering is enabled on this share and directory entries to
671 which the requesting user has no access will be omitted from directory listings
672 returned to the client. When set to \fBfalse\fR or not defined, ABE filtering
673 will not be performed on this share. This property is not defined by default.
681 Disable ABE for this share.
691 Enable ABE for this share.
699 \fB\fBaclok=\fIboolean\fR\fR\fR
703 Allows the NFS server to do access control for NFS Version 2 clients (running
704 SunOS 2.4 or earlier). When \fBaclok\fR is set on the server, maximum access is
705 given to all clients. For example, with \fBaclok\fR set, if anyone has read
706 permissions, then everyone does. If \fBaclok\fR is not set, minimum access is
707 given to all clients.
713 \fB\fBad-container\fR\fR
717 Specifies the AD container in which to publish shares.
719 The AD container is specified as a comma-separated list of attribute name-value
720 pairs using the LDAP distinguished name (DN) or relative distinguished name
721 (RDN) format. The DN or RDN must be specified in LDAP format using the
722 \fBcn=\fR, \fBou=\fR, and \fBdc=\fR prefixes:
727 \fBcn\fR represents the common name
733 \fBou\fR represents the organizational unit
739 \fBdc\fR represents the domain component
741 \fBcn=\fR, \fBou=\fR and \fBdc=\fR are attribute types. The attribute type used
742 to describe an object's RDN is called the naming attribute, which, for ADS,
743 includes the following object classes:
748 \fBcn\fR for the \fBuser\fR object class
754 \fBou\fR for the organizational unit (\fBOU\fR) object class
760 \fBdc\fR for the \fBdomainDns\fR object class
767 \fB\fBanon=\fIuid\fR\fR\fR
771 Set \fIuid\fR to be the effective user ID of unknown users. By default, unknown
772 users are given the effective user ID \fBUID_NOBODY\fR. If uid is set to
773 \fB-1\fR, access is denied.
779 \fB\fBcatia=\fIboolean\fR\fR\fR
783 CATIA V4 uses characters in file names that are considered to be invalid by
784 Windows. CATIA V5 is available on Windows. A CATIA V4 file could be
785 inaccessible to Windows clients if the file name contains any of the characters
786 that are considered illegal in Windows. By default, CATIA character
787 substitution is not performed.
789 If the \fBcatia\fR property is set to true, the following character
790 substitution is applied to file names.
796 " \e250 0x00a8 Dieresis
797 * \e244 0x00a4 Currency Sign
798 / \e370 0x00f8 Latin Small Letter O with Stroke
799 : \e367 0x00f7 Division Sign
800 < \e253 0x00ab Left-Pointing Double Angle Quotation Mark
801 > \e273 0x00bb Right-Pointing Double Angle Quotation Mark
802 ? \e277 0x00bf Inverted Question Mark
803 \e \e377 0x00ff Latin Small Letter Y with Dieresis
804 | \e246 0x00a6 Broken Bar
814 \fB\fBcksum=\fIcksumlist\fR\fR\fR
818 Set the share to attempt to use end-to-end checksums. The value \fIcksumlist\fR
819 specifies the checksum algorithms that should be used.
825 \fB\fBcsc=\fR\fIvalue\fR\fR
829 Set the client-side caching policy for a share. Client-side caching is a client
830 feature and offline files are managed entirely by the clients.
833 The following are valid values for the \fBcsc\fR property:
838 \fBmanual\fR \fB-\fR Clients are permitted to cache files from the specified
839 share for offline use as requested by users. However, automatic file-by-file
840 reintegration is not permitted. \fBmanual\fR is the default value.
846 \fBauto\fR \fB-\fR Clients are permitted to automatically cache files from the
847 specified share for offline use and file-by-file reintegration is permitted.
853 \fBvdo\fR \fB-\fR Clients are permitted to automatically cache files from the
854 specified share for offline use, file-by-file reintegration is permitted, and
855 clients are permitted to work from their local cache even while offline.
861 \fBdisabled\fR \fB-\fR Client-side caching is not permitted for this share.
868 \fB\fBguestok=\fR\fIboolean\fR\fR
872 Set the guest access policy for the share. When set to \fBtrue\fR guest access
873 is allowed on this share. When set to \fBfalse\fR or not defined guest access
874 is not allowed on this share. This property is not defined by default.
876 An \fBidmap\fR(1M) name-based rule can be used to map \fBguest\fR to any local
877 username, such as \fBguest\fR or \fBnobody\fR. If the local account has a
878 password in \fB/var/smb/smbpasswd\fR the guest connection will be authenticated
879 against that password. Any connection made using an account that maps to the
880 local guest account will be treated as a guest connection.
882 Example name-based rule:
886 # \fBidmap add winname:Guest unixuser:guest\fR
896 \fB\fBindex=\fIfile\fR\fR\fR
900 Load \fIfile\fR rather than a listing of the directory containing this file
901 when the directory is referenced by an NFS URL.
907 \fB\fBlog=\fItag\fR\fR\fR
911 Enables NFS server logging for the specified system. The optional tag
912 determines the location of the related log files. The tag is defined in
913 \fBetc/nfs/nfslog.conf\fR. If no tag is specified, the default values
914 associated with the global tag in \fBetc/nfs/nfslog.conf\fR is used. Support of
915 NFS server logging is available only for NFS Version 2 and Version 3 requests.
921 \fB\fBnosub=\fIboolean\fR\fR\fR
925 Prevents clients from mounting subdirectories of shared directories. For
926 example, if \fB/export\fR is shared with the \fBnosub\fR option on server
927 \fBwool\fR then an NFS client cannot do:
931 # \fBmount -F nfs wool:/export/home/mnt\fR
936 NFS Version 4 does not use the MOUNT protocol. The \fBnosub\fR option applies
937 only to NFS Version 2 and Version 3 requests.
943 \fB\fBnosuid=\fIboolean\fR\fR\fR
947 By default, clients are allowed to create files on a shared file system with
948 the \fBsetuid\fR or \fBsetgid\fR mode enabled. Specifying \fBnosuid\fR causes
949 the server file system to silently ignore any attempt to enable the
950 \fBsetuid\fR or \fBsetgid\fR mode bits.
956 \fB\fBpublic=\fIboolean\fR\fR\fR
960 Moves the location of the public file handle from root (\fB/\fR) to the
961 exported directory for WebNFS-enabled browsers and clients. This option does
962 not enable WebNFS service; WebNFS is always on. Only one file system per server
963 can have the \fBpublic\fR property. You can apply the \fBpublic\fR property
964 only to a share and not to a group.
969 NFS also supports negotiated optionsets for supported security modes. The
970 security modes are documented in \fBnfssec\fR(5). The properties supported for
971 these optionsets are:
975 \fB\fIcharset\fR=\fIaccess-list\fR\fR
979 Where \fIcharset\fR is one of: \fBeuc-cn\fR, \fBeuc-jp\fR, \fBeuc-jpms\fR,
980 \fBeuc-kr\fR, \fBeuc-tw\fR, \fBiso8859-1\fR, \fBiso8859-2\fR, \fBiso8859-5\fR,
981 \fBiso8859-6\fR, \fBiso8859-7\fR, \fBiso8859-8\fR, \fBiso8859-9\fR,
982 \fBiso8859-13\fR, \fBiso8859-15\fR, \fBkoi8-r\fR.
984 Clients that match the \fIaccess-list\fR for one of these properties will be
985 assumed to be using that character set and file and path names will be
986 converted to UTF-8 for the server.
992 \fB\fBro=\fIaccess-list\fR\fR\fR
996 Sharing is read-only to the clients listed in \fIaccess-list\fR; overrides the
997 \fBrw\fR suboption for the clients specified. See the description of
998 \fIaccess-list\fR below.
1004 \fB\fBrw=\fIaccess-list\fR\fR\fR
1008 Sharing is read-write to the clients listed in \fIaccess-list\fR; overrides the
1009 \fBro\fR suboption for the clients specified. See the description of
1010 \fIaccess-list\fR below.
1016 \fB\fBnone=\fIaccess-list\fR\fR\fR
1020 Access is not allowed to any client that matches the access list. The exception
1021 is when the access list is an asterisk (\fB*\fR), in which case \fBro\fR or
1022 \fBrw\fR can override \fBnone\fR.
1028 \fB\fBroot=\fIaccess-list\fR\fR\fR
1032 Only root users from the hosts specified in \fIaccess-list\fR have root access.
1033 See details on \fIaccess-list\fR below. By default, no host has root access, so
1034 root users are mapped to an anonymous user ID (see the \fBanon=uid\fR option
1035 described above). Netgroups can be used if the file system shared is using UNIX
1036 authentication (\fBAUTH_SYS\fR).
1042 \fB\fBroot_mapping=\fIuid\fR\fR\fR
1046 For a client that is allowed root access, map the root UID to the specified
1053 \fB\fBwindow=\fIvalue\fR\fR\fR
1057 When sharing with \fBsec=dh\fR (see \fBnfssec\fR(5)), set the maximum lifetime
1058 (in seconds) of the RPC request's credential (in the authentication header)
1059 that the NFS server allows. If a credential arrives with a lifetime larger than
1060 what is allowed, the NFS server rejects the request. The default value is 30000
1061 seconds (8.3 hours). This property is ignored for security modes other than
1067 The general properties supported for SMB are:
1071 \fB\fBro=\fIaccess-list\fR\fR\fR
1075 Sharing is read-only to the clients listed in \fIaccess-list\fR; overrides the
1076 \fBrw\fR suboption for the clients specified. See the description of
1077 \fIaccess-list\fR below.
1083 \fB\fBrw=\fIaccess-list\fR\fR\fR
1087 Sharing is read-write to the clients listed in \fIaccess-list\fR; overrides the
1088 \fBro\fR suboption for the clients specified. See the description of
1089 \fIaccess-list\fR below.
1095 \fB\fBnone=\fIaccess-list\fR\fR\fR
1099 Access is not allowed to any client that matches the access list. The exception
1100 is when the access list is an asterisk (\fB*\fR), in which case \fBro\fR or
1101 \fBrw\fR can override \fBnone\fR.
1104 .SS "Access List Argument"
1106 The \fIaccess-list\fR argument is either the string \fB"*"\fR to represent all
1107 hosts or a colon-separated list whose components can be any number of the
1112 \fB\fIhostname\fR\fR
1116 The name of a host. With a server configured for DNS or LDAP naming in the
1117 \fBnsswitch.conf\fR(4) \fBhosts\fR entry, a hostname must be represented as a
1118 fully qualified DNS or LDAP name.
1124 \fB\fInetgroup\fR\fR
1128 A \fInetgroup\fR contains a number of hostnames. With a server configured for
1129 DNS or LDAP naming in the \fBnsswitch.conf\fR(4) \fBhosts\fR entry, any
1130 hostname in a netgroup must be represented as a fully qualified DNS or LDAP
1137 \fB\fIdomainname\fR.\fIsuffix\fR\fR
1141 To use domain membership the server must use DNS or LDAP, rather than, for
1142 example, NIS, to resolve hostnames to IP addresses. That is, the
1143 \fBhosts\fR entry in the \fBnsswitch.conf\fR(4) must specify \fBdns\fR or
1144 \fBldap\fR ahead of \fBnis\fR, because only DNS and LDAP
1145 return the full domain name of the host. Other name services, such as NIS,
1146 cannot be used to resolve hostnames on the server because, when mapping
1147 an IP address to a hostname, they do not return domain information. For
1148 example, for the IP address 172.16.45.9:
1156 Returns: \fBmyhost\fR
1166 Returns: \fBmyhost.mydomain.mycompany.com\fR
1169 The domain name suffix is distinguished from hostnames and netgroups by a
1170 prefixed dot. For example:
1174 rw=.mydomain.mycompany.com
1178 A single dot can be used to match a hostname with no suffix. For example, the
1187 \&...matches \fBmydomain\fR but not \fBmydomain.mycompany.com\fR. This feature
1188 can be used to match hosts resolved through NIS rather than DNS and
1199 The network or subnet component is preceded by an at-sign (\fB@\fR). It can be
1200 either a name or a dotted address. If a name, it is converted to a dotted
1201 address by \fBgetnetbyname\fR(3SOCKET). For example:
1209 \&...is equivalent to:
1213 =@172.16 or =@172.16.0.0
1217 The network prefix assumes an octet-aligned netmask determined from the zeroth
1218 octet in the low-order part of the address up to and including the high-order
1219 octet, if you want to specify a single IP address. In the case where network
1220 prefixes are not byte-aligned, the syntax allows a mask length to be specified
1221 explicitly following a slash (\fB/\fR) delimiter. For example:
1225 =@theothernet/17 or =@172.16.132/22
1229 \&...where the mask is the number of leftmost contiguous significant bits in
1230 the corresponding IP address.
1235 A prefixed minus sign (\fB-\fR) denies access to a component of
1236 \fIaccess-list\fR. The list is searched sequentially until a match is found
1237 that either grants or denies access, or until the end of the list is reached.
1238 For example, if host \fBterra\fR is in the netgroup \fBengineering\fR, then:
1242 rw=-terra:engineering
1248 \&...denies access to \fBterra\fR, but:
1252 rw=engineering:-terra
1258 \&...grants access to \fBterra\fR.
1265 Successful completion.
1274 Service is offline and cannot be enabled (start only).
1280 \fB\fIother non-zero\fR\fR
1289 \fB\fB/usr/include/libshare.h\fR\fR
1292 Error codes used for exit status.
1297 See \fBattributes\fR(5) for descriptions of the following attributes:
1305 ATTRIBUTE TYPE ATTRIBUTE VALUE
1307 Interface Stability Committed
1312 \fBidmap\fR(1M), \fBsharectl\fR(1M), \fBzfs\fR(1M), \fBattributes\fR(5),
1313 \fBnfssec\fR(5), \fBsmf\fR(5), \fBstandards\fR(5)